These platforms support various licensable combinations of product modules. This section provides general guidelines for module support.

Most of the support guidelines relate to memory. The following list applies for all memory levels:

vCMP supported platforms

VIPRION B2100, B2150, B2250, B4200

VIPRION B4300 blade in the 4400(J100)/4480(J102) and the 4800(S100)

BIG-IP 5200v, 5250v, 7200v, 7250v, 10200v, 10250v, 10350v, 12250v

Memory: 12 GB or more

All licensable module-combinations may be run on platforms with 12 GB or more of memory, and on VE and vCMP guests provisioned with 12 GB or more of memory. Note that this does not mean that all modules may be simultaneously provisioned on all platforms with 12 GB or more of memory. The BIG-IP license for the platform determines which combination of modules are available for provisioning.

Memory: 8 GB

The following guidelines apply to the BIG-IP 2000s, 2200s, 3900, 6900 platforms, to the VIPRION B4100 and B4100N platforms, and to VE guests configured with 8 GB of memory. (A vCMP guest provisioned with 8 GB of memory has less than 8 GB of memory actually available and thus does not fit in this category.)

No more than three modules should be provisioned together.

On the 2000s and 2200s, Application Acceleration Manager (AAM) can be provisioned with only one other module.

To use Access Policy Manager (APM) and Secure Web Gateway (SWG) modules together on platforms with exactly 8 GB of memory, Local Traffic Manager (LTM) provisioning must be set to None.

Memory: Less than 8 GB and more than 4 GB

The following guidelines apply to platforms, and to VE and vCMP guests provisioned with less than 8 GB and more than 4 GB of memory. (A vCMP guest provisioned with 8 GB of memory has less than 8 GB of memory actually available and thus fits in this category.)

No more than three modules (not including AAM) should be provisioned together.

Application Acceleration Manager (AAM) cannot be provisioned with any other module; AAM can only be provisioned standalone.

Analytics (AVR) counts towards the two module-combination limit (for platforms with less than 6.25 GB of memory).

Memory: 4 GB or less

The following guidelines apply to the BIG-IP 1600 and 3600 platforms, and to VE and vCMP guests provisioned with 4 GB or less of memory.

No more than two modules may be configured together.

AAM should not be provisioned, except as Dedicated.

ASM can be provisioned with this amount of memory, but a sizing exercise should be performed to ensure that it does not hit capacity issues.

vCMP memory provisioning calculations

The amount of memory provisioned to a vCMP guest is calculated using the following formula: (platform_memory- 3 GB) x (cpus_assigned_to_guest/ total_cpus).

As an example, for the B2100 with two guests, provisioned memory calculates as: (16-3) x (2/4) ~= 6.5 GB.

For certain platforms, the vCMP host can allocate a single core to a vCMP guest. However, because a single-core guest has relatively small amounts of CPU resources and allocated memory, F5 supports only the following products or product combinations for a single-core guest:

BIG-IP LTM standalone only

BIG-IP GTM standalone only

BIG-IP LTM and GTM combination only

Configuration utility browser support

The BIG-IP Configuration Utility supports these browsers and versions:

Microsoft Internet Explorer 11.x

Mozilla Firefox v40, or later

Google Chrome v44, or later

User documentation for this release

For documentation related to this release, contact the F5 sales team.

Upgrading to BIG-IP 13.0.0 from a previous version

When upgrading FPS from BIG-IP 12.0.0 or 12.1.0 to 13.0.0, you should delete the mobile security alerts URL (typically /rstats/) and the alert routing iRule on all mobile security profiles.

Due to changes in malware detection configuration in BIG-IP 13.0.0, after upgrading FPS from BIG-IP 11.6.x, 12.0.0, or 12.1.0, a user-defined malware type is automatically created by the system that contains the malware detection configuration from the previous BIG-IP version. The name of this malware type is general.

Fixes, behavior changes, and known issues

New in 13.0.0

F5 Networks provides Fraud Protection Service (FPS) that detects and protects customer's web sites and mobile apps from fraud attacks, such as malware and phishing. Using layered security, automatic engines, and a 24/7 security operation center (SOC), FPS efficiently detects attacks as they are being set up, monitors the fraudulent activity, and documents the incident. Users can view notifications of fraud incidents by means of alerts sent to the FPS Dashboard.

New FPS features in BIG-IP 13.0.0 include:

Device ID for the client’s computing device

FPS can now create a fingerprint for identifying the client's browser. This fingerprint is included in alerts sent to the FPS Dashboard or BIG-IQ Logging Nodes.

Improved support for Single Page Applications (SPA)

FPS 13.0.0 can perform the following actions on full JSON payloads:

Encryption/decryption

Identify a username contained in a payload

Detect data manipulation within a payload

Additional iRules flexibility

FPS 13.0.0 provides additional iRules flexibility so that the various type of FPS detection and protection can be disabled on protected URLs for the current HTTP request. Specifically, the following FPS detection and protection can be disabled: Malware Detection, Phishing Detection, Application Layer Encryption, and Automatic Transactions Detection.

Improved debug troubleshooting for the specific client

Debug logging has been added to FPS 13.0.0. When this feature is enabled, a debug output log is generated encrypted on the client-side and when sent to the Dashboard alert server can be viewed decrypted.

Applying malware detection to user-defined malware types

FPS malware detection has a default set of malware types that it can detect on your anti-fraud profile. If you want FPS to check for a malware type that is not part of its default set, you can now define a malware type using the FPS Malware Configuration settings. You can configure FPS to detect a malware type by means of:

URLs that the malware can block (domain availability)

Resources in the client's web browser that can be loaded from the malware (browser cache)

Baits that can attract the malware

Malware Overview

The FPS GUI now displays a Malware Overview, per URL, that presents:

A summary of the types of malware FPS is currently configured to detect on the URL, including user-defined types,

Which types of malware detection FPS applies to the URL.

Automatic transaction configuration per URL

Almost all Automatic Transaction settings are now configured per URL and not on the profile level. This allows for more variation and flexibility when configuring Automatic Transactions detection on the URLs in your profile.

CSP Header support

FPS can now modify CSP headers in HTTP responses to ensure that the FPS JavaScript can run on the customer’s web page.

Cloning a URL

In FPS 13.0.0, you can create a new URL using the Clone button so that the new URL receives exactly the same configuration settings of an existing URL, including all URL parameters. This is useful in situations where the URL of the form action in a page is different than the URL of the page itself, in which case you would need to have the same URL configuration for both URLs.

Mobile Security repackaging detection (encryption enforcement)

By applying certain configurations on URL parameters, FPS Mobile Security can now ensure that parameters in an HTTP request coming from a mobile app are encrypted using FPS Application Level Encryption. If the FPS system detects that a parameter value is actually not encrypted when the system expects it to be, its value is nullified.

Keylogger Detection on Android mobile devices

When using FPS 13.0.0 with MobileSafe SDK version 1.2.1.2 or later, FPS can detect certain keyloggers based on their characteristics on Android devices.

F5 Networks Technical Support

Free self-service tools give you 24x7 access to a wealth of knowledge and technical support. Whether it is providing quick answers to questions, training your staff, or handling entire implementations from design to deployment, F5 services teams are ready to ensure that you get the most from your F5 technology.

AskF5

AskF5 is your storehouse for thousands of knowledgebase articles that help you manage your F5 products more effectively. Whether you want to browse periodically to research a solution, or you need the most recent news about your F5 products, AskF5 is your source.

F5 DevCentral

The F5 DevCentral community helps you get more from F5 products and technologies. You can connect with user groups, learn about the latest F5 tools, and discuss F5 products and technology.

AskF5 Publication Preference Center

To subscribe, click AskF5 Publication Preference Center, enter your email address, select the publications you want, and click the Submit button. You will receive a confirmation email. You can unsubscribe at any time by clicking the Unsubscribe link at the bottom of the email, or on the AskF5 Publication Preference Center screen.

TechNews Weekly eNewsletters: Up-to-date information about product and hotfix releases, new and updated articles, and new feature notices.

TechNews Notifications: Periodic plain text TechNews, sent any time F5 releases a product or hotfix. (This information is always included in the next weekly HTML TechNews email.)